PT-2023-31887 · Unknown · Activeadmin
Name of the Vulnerable Software and Affected Versions: ActiveAdmin versions prior to 3.2.0. Description: The issue allows CSV injection, which can lead to remote code execution and private data exfiltration when maliciously crafted spreadsheet formulas are uploaded and imported into a spreadsheet...
Security Bulletin: IBM Security Guardium is affected by a CSV Injection vulnerability (CVE-2023-42004)
Summary: IBM Security Guardium has addressed this vulnerability in an update. Vulnerability Details: CVEID: CVE-2023-42004. DESCRIPTION: IBM Security Guardium is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents...
CVE-2023-5886
CVE-2023-5886 affects the WP All Export (Free < 1.4.1) and WP All Export Pro (
PT-2023-32392 · WordPress · Export Any Wordpress Data To Xml/Csv +1
Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0; WP All Export Pro WordPress plugin versions prior to 1.8.6. Description: The issue allows attackers to make logged-in users perform unwanted actions, leading to remo...
PT-2023-30383 · WordPress · Wp All Export Pro +1
Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0; WP All Export Pro WordPress plugin versions prior to 1.8.6. Description: The issue concerns the lack of validation and sanitization of the wp query parameter, allowi...
CVE-2023-49775
Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8...
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8...
CVE-2023-49775 WordPress CSV Importer Plugin <= 0.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8...
CVE-2023-49775
CVE-2023-49775 is a CSRF vulnerability in the WordPress plugin CSV Importer affecting versions
WordPress Plugin CSV Importer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure due to a concurrency issue that results in a shared variable not being properly synchronized. An attacker with access to the same ActiveAdmin application can obtain private data intended for another user by timing...
Potential CSV export data leak
Impact: In ActiveAdmin versions prior to 2.12.0, a concurrency issue was found that could allow a malicious actor to be able to access potentially private data that belongs to another user. The bug affects the functionality to export data as CSV files, and was caused by a variable holding the...
GHSA-356J-HG45-X525 Potential CSV export data leak
Impact: In ActiveAdmin versions prior to 2.12.0, a concurrency issue was found that could allow a malicious actor to be able to access potentially private data that belongs to another user. The bug affects the functionality to export data as CSV files, and was caused by a variable holding the...
External Control of File Name or Path in h2oai/h2o-3
Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...
PT-2023-32697
Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3, affected versions not specified. Description: The issue allows unauthenticated users to overwrite any file accessible to the user who executes h2o.init, potentially resulting in a denial of service. Remote unauthenticated attackers c...
CSV Importer < 0.3.9 - Cross-Site Request Forgery
Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request, granted they can trick a site administrator into...
CVE-2023-48841
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language Labels Export action...